Risks of cloud backup in iCloud

ICloud is a cloud synchronization tool provided by Apple to users. It is mainly used to easily restore the same information on previous devices when devices are lost or new devices are purchased. However, after a user's Apple ID is stolen, the user data may be stolen. ICloud backup-related information about iCloud, which Apple provides in Support [^ 1]:### ICloud backup information* Photo and video * device settings * App data (including: Keychain, data Document folder) in purchased music, films, TV programs, apps, and books * "camera film, * Main Screen and App arrangement * Information (iMessage, SMS, and MMS) * ringtone * Visual Voicemail### ICloud backup timeWhen the iOS device is powered on, locked (locked), and connected to a wireless LAN, the cloud backup function automatically runs.### Backup features of iCloudAccording to the official documentation [^ 2] provided by iTunes backup, two methods can be used for iTunes backup: one is to encrypt the backup file with a separate password, the other is password-free encryption. In addition to integrity, the differences between iCloud backup and iTunes backup mainly lie in Keychain data processing. In common iTunes backups, backup of sensitive data (such as keychain) can be encrypted using a separate password or without a separate password (encrypted using hardware information such as UDID ). This option is not configurable. By default, hardware information such as the device's UDID is encrypted. When a separate password is included, sensitive data (such as Keychain) can be directly backed up to the new mobile phone. If you do not set a password (or use the iCloud method) sensitive information (such as Keychain) can be restored on the same mobile phone ).Problems--- Because iCloud backs up App data, including not limited to keychain and program document directories, important iOS storage information will be backed up with iCloud. After a user's Apple ID is stolen, the hacker can restore the backup content of a remote normal user's mobile phone on an iOS device, and implement password-free login to some systems. As of the time of writing this article, this problem persists. (For a long time, test the latest version .) The same problem also exists in iTunes backup. Relatively speaking, it is more difficult and complex to steal the iTunes backup on users' computers than to steal the Apple ID separately. However, if you obtain the iTunes backup and obtain the iTunes backup password, you can completely copy the device, including the Keychain data. Likewise, in the iOS system jailbreak environment, attackers can use programs to forge UDID information and other methods to restore data backup in the Keychain when restoring the backup in iCloud.Solution--- ### File-specific backup for file-specific iCloud backup, you can use NSURLIsExcludedFromBackupKey method [^ 3] of the NSURL class to determine whether the file is included in the backup file. Similarly, you can set this attribute for a file on the device to disable the file from being backed up by iCloud. Applicable to iOS 5.1 and later systems:

``` - (BOOL)addSkipBackupAttributeToItemAtURL:(NSURL *)URL {     assert([[NSFileManager defaultManager] fileExistsAtPath: [URL path]]);     NSError *error = nil;     BOOL success = [URL setResourceValue: [NSNumber numberWithBool: YES]                                   forKey: NSURLIsExcludedFromBackupKey error: &error];     if(!success){         NSLog(@"Error excluding %@ from backup %@", [URL lastPathComponent], error);     }     return success; } ``` 

 

Applicable to iOS 5.0.1:

``` #import <sys/xattr.h> - (BOOL)addSkipBackupAttributeToItemAtURL:(NSURL *)URL {     assert([[NSFileManager defaultManager] fileExistsAtPath: [URL path]]);     const char* filePath = [[URL path] fileSystemRepresentation];     const char* attrName = "com.apple.MobileBackup";     u_int8_t attrValue = 1;     int result = setxattr(filePath, attrName, &attrValue, sizeof(attrValue), 0, 0);     return result == 0; } ``` 

 

Currently, the iCloud method is not disabled in iOS 5.0. The only way to prevent backup is to place files in the Cache folder. [^ 1]: [iCloud: iCloud Backup] (http://support.apple.com/kb/PH2584) [^ 2]: [iTunes: About iOS backups] (http://support.apple.com/kb/HT4946) [^ 3]: [NSURL Class Reference] (https://developer.apple.com/library/ios/documentation/Cocoa/Reference/Foundation/Classes/NSURL_Class/Reference/Reference.html)